X2Go Bug report logs - #310
X2Go logins as root scatter PostgreSQL database with half-started sessions

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Mon, 23 Sep 2013 11:48:02 UTC

Severity: normal

Tags: pending

Found in version 4.0.1.6

Fixed in version 4.0.1.7

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#310; Package x2goserver. (Mon, 23 Sep 2013 11:48:02 GMT) (full text, mbox, link).


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Mon, 23 Sep 2013 11:48:02 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: submit@bugs.x2go.org
Subject: X2Go logins as root scatter PostgreSQL database with half-started sessions
Date: Mon, 23 Sep 2013 13:39:15 +0200
[Message part 1 (text/plain, inline)]
Package: x2goserver
Version: 4.0.1.6

When the PostgreSQL backend is used, it is not possible to add root as  
X2Go User to the DB.

Whereas running X2Go as root is absolutely disrecommended, the  
attempts to start X2Go sessions as root results in broken session  
entries in the X2GO database.

Either logins as root (with PostgreSQL) should be supported or the  
session should refuse to come up at all.

Mike


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#310; Package x2goserver. (Mon, 23 Sep 2013 21:03:01 GMT) (full text, mbox, link).


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Mon, 23 Sep 2013 21:03:01 GMT) (full text, mbox, link).


Message #10 received at 310@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 310-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 310@bugs.x2go.org
Subject: X2Go issue (in src:x2goserver) has been marked as pending for release
Date: Mon, 23 Sep 2013 23:02:44 +0200 (CEST)
tag #310 pending
fixed #310 4.0.1.7
thanks

Hello,

X2Go issue #310 (src:x2goserver) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:

    http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=91230bd

The issue will most likely be fixed in src:x2goserver (4.0.1.7).

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
commit 91230bdaf3133ede8cd23612d4e6593b2c5a98cf
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date:   Mon Sep 23 23:02:25 2013 +0200

    With PostgreSQL as session db backend, prevent the root user from launching sessions. Also, prevent x2gouser_root from being added as a PostgreSQL user. (Fixes: #310).

diff --git a/debian/changelog b/debian/changelog
index ae4f45c..67d32e5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,6 +16,9 @@ x2goserver (4.0.1.7-0~x2go1) UNRELEASED; urgency=low
       (Fixes: #285).
     - Provide sudoers.d/x2goserver file that allows sudoed commands under
       KDE (by pertaining the env var QT_GRAPHICSSYSTEM. (Fixes: #276).
+    - With PostgreSQL as session db backend, prevent the root user from
+      launching sessions. Also, prevent x2gouser_root from being added as a
+      PostgreSQL user. (Fixes: #310).
   * /debian/control:
     - Update LONG_DESCRIPTIONS.
     - Move xfonts-base from Recommends: field to Depends: field (bin:package


Added tag(s) pending. Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Mon, 23 Sep 2013 21:03:02 GMT) (full text, mbox, link).


Marked as fixed in versions 4.0.1.7. Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Mon, 23 Sep 2013 21:03:02 GMT) (full text, mbox, link).


Message sent on to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Bug#310. (Mon, 23 Sep 2013 21:03:02 GMT) (full text, mbox, link).


Information forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#310; Package x2goserver. (Fri, 22 Nov 2013 21:03:03 GMT) (full text, mbox, link).


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Fri, 22 Nov 2013 21:03:03 GMT) (full text, mbox, link).


Message #22 received at 310@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 310-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 310@bugs.x2go.org
Subject: X2Go issue (in src:x2goserver) has been marked as closed
Date: Fri, 22 Nov 2013 21:59:27 +0100 (CET)
close #310
thanks

Hello,

we are very hopeful that X2Go issue #310 reported by you
has been resolved in the new release (4.0.1.7) of the
X2Go source project »src:x2goserver«.

You can view the complete changelog entry of src:x2goserver (4.0.1.7)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2goserver.

    http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=447e68e8b82ea4b14e5072e57a0fbc82ef32d687;hp=2d19587c215d49048b6295d87c06c452939a1b8b

If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2goserver.

Thanks a lot for contributing to X2Go!!!

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
X2Go Component: src:x2goserver
Version: 4.0.1.7
Status: RELEASE
Date: Fri, 22 Nov 2013 21:58:27 +0100
Fixes: 276 278 285 305 310 331
Changes: 
 x2goserver (4.0.1.7) RELEASED; urgency=low
 .
   [ Orion Poplawski ]
   * New upstream version (4.0.1.7):
     - Install Xsession file as executable, make Xsession.d directory location
       configurable during build process, do not create unused Xsession.options.
       (Fixes: #278).
 .
   [ Mike Gabriel ]
   * New upstream version (4.0.1.7):
     - Fine-tune x2goserver-xsession/Makefile: if /etc/X11 has Xsession.d and/or
       Xsession.options they get symlinked into /etc/x2go. Otherwise Xsession.d
       and Xsession.options are created under /etc/x2go as empty dir/file.
       (Fixes: #278).
     - Fix automatic keyboard setup (via x2gosetkeyboard) while resuming a
       session. (Fixes: #285).
     - Provide sudoers.d/x2goserver file that allows sudoed commands under
       KDE (by pertaining the env var QT_GRAPHICSSYSTEM. (Fixes: #276).
     - With PostgreSQL as session db backend, prevent the root user from
       launching sessions. Also, prevent x2gouser_root from being added as a
       PostgreSQL user. (Fixes: #310).
     - Execute DB status changes as late as possible during suspend / terminate.
     - Start/resume rootless sessions without geometry parameter. Esp. using
       X2GO_GEOMETRY=fullscreen for rootless sessions lead to an extra 1x1 px
       session window (nxagentCreateIconWindow in nxagent's Window.c).
     - Typo fix in x2goruncommand (for MATE session startup).
   * debian/control:
     + Update LONG_DESCRIPTIONS.
     + Raise Standards: to 3.9.4 (no changes needed).
     + Move xfonts-base to Recommends: field of bin:package x2goserver.
   * debian/x2goserver.init:
     + Make init script LSB compliant.
 .
   [ Helmer Teles ]
   * New upstream version (4.0.1.7):
     - Make umask that is used when mounting client-side folders via SSHFS
       configurable in x2goserver.conf. (Fixes: #331).
 .
   [ Jürgen Hötzel ]
   * New upstream version (4.0.1.7):
     - Use bash-builtin 'type' instead of to be avoided 'which'. (Fixes: #305).
 .
   [ Oleksandr Shneyder ]
   * New upstream version (4.0.0.6):
     - Fix x2goruncommand: "type -P $cmd" can create new lines in EXEC
       variable if command have the arguments wich have same names as existing
       commands, for example "rdesktop -k nl" -> "/usr/bin/rdesktop\n/usr/bin/nl".
       Now we splitting $cmd and taking only first part.


Marked Bug as done Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Fri, 22 Nov 2013 21:03:06 GMT) (full text, mbox, link).


Notification sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Bug acknowledged by developer. (Fri, 22 Nov 2013 21:03:06 GMT) (full text, mbox, link).


Message sent on to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Bug#310. (Fri, 22 Nov 2013 21:03:08 GMT) (full text, mbox, link).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.x2go.org> to internal_control@bugs.x2go.org. (Sat, 21 Dec 2013 06:24:02 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Fri Mar 29 14:09:04 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.